Security Engineer - SAST & SCA (Application Security)
Role details
Job location
Tech stack
Requirements
Required Qualifications Experience * 3-6+ years in Application Security, DevSecOps, or Secure Development * Hands-on experience with: o SAST and/or SCA tools in enterprise environments * Experience working closely with development teams and CI/CD pipelines Technical Skills * Strong knowledge of: OWASP Top 10 Secure coding practices (Java, Python, C/C++, JavaScript, etc.) * Experience with SAST tools such as: Checkmarx, Fortify, Veracode, CodeQL * Experience with SCA tools such as: Snyk, Black Duck, Mend, Dependabot DevSecOps & Automation * Familiarity with: CI/CD tools (GitHub Actions, Jenkins, GitLab CI, Azure DevOps) * Experience with: Scripting (Python, Bash, PowerShell) * Ability to: Automate workflows and integrate security into pipelines Vulnerability Management * Understanding of: CVSS scoring and risk prioritization Vulnerability tracking and remediation processes * Experience with: Jira or similar ticketing systems Preferred Qualifications * Certifications: CSSLP, GWAPT, OSCP (optional but valuable) Experience with: SBOM frameworks (CycloneDX, SPDX) Container security and dependency scanning Cloud-native application security * Familiarity with: Secrets scanning, IaC scanning tools (e.g., Terraform security)